« Previous Next »

Thread: Multiple session cookies problem

Last post 03-01-2009 6:19 PM by steve schofield. 5 replies.

Average Rating Rate It (5)

RSS

Page 1 of 1 (6 items)

Sort Posts:

Shortcuts

Search | Active Posts | Unanswered Posts | View all users

  • 02-27-2009, 6:13 PM

    • neitakk
    • Not Ranked
    • Joined on 02-27-2009, 11:07 PM
    • Posts 4

    Multiple session cookies problem

    Reply Contact
    Hi. I'm gonna try to explain the problem in short terms: On a shared Windows server which my host provide me, I'm getting multiple session cookies stored in the browser. This regards all browser types.
    • A clean ASP file with no code other then "response.write("Hello")
    • Updating the page in e.g. 5 minutes intervals
    • Every new session seems to make a new session cookie with a new ID
    • Eventually the cookie storage is full
    Why this is a problem? After the storage get's filled up, there is impossible to write custom cookies like for a login. This makes big problems for my users who never close the browser. The only way to get rid of the cookies is by manually deleting them or restarting the browser. How is it possible to avoid this problem?
    Tags:

  • 02-28-2009, 8:35 PM In reply to

    Re: Multiple session cookies problem

    Reply Contact

    Have you contacted your shared provider and explained the issue?

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield


    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget

  • 03-01-2009, 4:22 AM In reply to

    • neitakk
    • Not Ranked
    • Joined on 02-27-2009, 11:07 PM
    • Posts 4

    Re: Multiple session cookies problem

    Reply Contact

    Yes I have. They told me to try this forum.

    Here is an extract of what they answered:

    Hello Name1

    I think it's caused by the application pool recycle, as we said originally the ASP Session ID is destroyed and a new one created when the application recycles ... the problem is that application does not then delete the old ID because it has no prior knowledge of it .. I doubt they factored in for the fact that some users such of yourself would have visitors with browsers open for such long periods of time, when they designed it.

    We have increased the application recycle time of application pool your site utilises, this will help as you should only now have 6 ASPSESSIONID's being created per 24 hours.

  • 03-01-2009, 5:59 AM In reply to

    • neitakk
    • Not Ranked
    • Joined on 02-27-2009, 11:07 PM
    • Posts 4

    Re: Multiple session cookies problem

    Reply Contact
    Is it possible to make IIS set an expiration date on the Session Cookie? That would have solved my problem permanently.

  • 03-01-2009, 8:41 AM In reply to

    • neitakk
    • Not Ranked
    • Joined on 02-27-2009, 11:07 PM
    • Posts 4

    Re: Multiple session cookies problem

    Reply Contact

    I have created my own sollution for this problem, and would like to share it with everyone else:

    Add this code in your header

    <!-- Javascript function to set an expiration date on the ASP Session Cookies in order to destroy them if multiple Session Cookies -->

    <script type="text/javascript">
    function setCookie(c_name,value,expiredays)
    {
    var exdate=new Date();
    exdate.setDate(exdate.getDate()+expiredays);
    document.cookie=c_name+ "=" +escape(value)+
    ((expiredays==null) ? "" : ";expires="+exdate.toGMTString());
    }
    </script>

    <%
    Dim strSessionCookie, arrSessionCookie, a, i
    i = 0
    a = 1
    strSessionCookie = Request.ServerVariables("HTTP_COOKIE")

    if strSessionCookie <> "" then

    Dim intCookieValueStart, intCookieValueEnd, intCookieValueLength, strSessionCookieName, strSessionCookieValue

    arrSessionCookie = Split(strSessionCookie,";")

    if Ubound(arrSessionCookie) > 0 then

    if InStr(strSessionCookie,"YourLoginCookie") = 0 then a = 0

    if Ubound(arrSessionCookie) > a AND InStr(arrSessionCookie(Ubound(arrSessionCookie)),"NULL") = 0 then

    For i = 0 to Ubound(arrSessionCookie)
    if i = a AND InStr(arrSessionCookie(i),"ASPSESSIONID") then
    intCookieValueStart = InStr(arrSessionCookie(i),"=")
    intCookieValueEnd = Len(arrSessionCookie(i))
    intCookieValueLength = intCookieValueEnd - intCookieValueStart
    strSessionCookieName = Mid(arrSessionCookie(i),1,intCookieValueStart-1)
    strSessionCookieValue = Mid(arrSessionCookie(i),intCookieValueStart+1,intCookieValueLength)
    response.write("<script type=""text/javascript"">")
    response.write("setCookie('" & strSessionCookieName & "','NULL',0)")
    response.write("</script>")
    end if
    Next

    end if

    end if

    end if
    %>

  • 03-01-2009, 6:19 PM In reply to

    Re: Multiple session cookies problem

    Reply Contact

    Thanks for posting this solution.   The root issue is the application pool recycles which when using a shared provider, you are at their mercy for configuration.   The application should account for situations like this and code accordingly, which you did. 

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield


    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget
Page 1 of 1 (6 items)
Microsoft Communities